Search EggHeadCafe's Job Board
EggHeadCafe Silverlight WPF ASP.NET VB.NET C# Excel SQL Server SharePoint
search
IIS GroupsView
Inetserver Asp Db
Inetserver Asp General
Inetserver Iis
Inetserver Iis Security
Frontpage Client
Frontpage Extensions Windowsnt
Frontpage Programming

Group SummariesView
.NET Framework
Access
BizTalk
Certifications
CRM
DDK
Exchange Server
FoxPro
French
French .NET
Games
German
German .NET
Graphic Design
IIS
Internet
ISA Server
Italian
Italian .NET
Maps
MCIS
Miscellaneous
Mobile Apps
Money
MSN
Networking
Office
Ops Mgr
Publisher
Security
SharePoint
Small Business
Spanish
Spanish .NET
SQL Server
Systems Management Server
Transaction Server
Virtual PC / Virtual Server
Visual Studio
Win32
Windows 2000
Windows 2003 Server
Windows 7
Windows Live
Windows Media
Windows Update
Windows Vista
Windows XP
 

View All Microsoft Inetserver Iis Posts  Ask A New Question 

Exe files on Windows 2003 Server IIS6....
jim posted on Sunday, May 04, 2008 2:14 AM

 
I have some exe files in a "files" directory on Windows 2003 Standard
Edition Server running IIS.

The  "files" directory is a sub-directory of a site on the server that
functions as expected except for when you click a link to any *.exe file in
this directory.  If you try and access and exe file, you get a 404 "File not
found" error.

The files are on the server and in the proper location, so it must be a
security setting of some type.  The problem is.....what type?

Do you know why I cannot access the exe files on this site?

Any help that you could offer would be greatly appreciated.

Thanks!
reply

 

Exe files on Windows 2003 Server IIS6....
jim posted on Sunday, May 04, 2008 2:34 AM

 
Well, I found the answer at ....
http://blogs.msdn.com/david.wang/archive/2005/07/11/Allow_file_downloads_on_IIS_6.aspx

Basically, David Wang said......

Your error message indicates that you have "Scripts and Executables"
enabled, so IIS is trying to execute the .exe file on the web server, and
since the .exe is not allowed by any defined Web Service Extension, a 404.2
results. The corrective action depends on what you want to do.

1.. If you want to allow .exe files to be downloaded as-is to the browser,
then you must NOT have "Scripts and Executables" as Execute Permissions.
2.. If you want to execute the .exe file on the server to generate a
response that is sent to the browser (possibly interpreted as a download),
then you MUST have "Scripts and Executables" as Execute Permissions, and you
must enable a Web Service Extension for that .exe file.
Details
Whenever the user makes the browser request a resource like
to happen:

1.. Return the file contents of myapp.exe as-is to the browser (aka file
download)
2.. Execute myapp.exe on the web server to generate a dynamic response
(aka execute CGI script)
Now, the web server controls which action should happen, and on IIS, this is
controlled by the "Execute Permissions" property of the virtual directory
containing the .exe file. If the permission is set to "Scripts and
Executables", then IIS will do action #2. Otherwise, it will do action #1.

Prior to IIS 6.0, there were no further security checks against either
action. On IIS 6.0, there is one additional security check, depending on the
action:

1.. For action #1, the file resource's extension (.exe in this case) must
have a defined MIME Type or else a 404.3 occurs. .exe has a MIME Type of
application/octet-stream by default, so file download should just work.
2.. For action #2, there must be an enabled Web Service Extension for the
full path to the .exe resource to allow IIS to execute it to generate a HTTP
response or else a 404.2 occurs. For securety reasons, IIS 6 does not allow
any resource to execute by default unless otherwise configured/allowed in
Web Service Extension.
//David"

Kudos to David Wang and his wonderfully short and to-the-point advice!
(Bookmarking his site wouldn't be a bad idea either...)

jim
reply

Thanks for finding and answering your own question!
David Wang posted on Tuesday, May 06, 2008 2:40 AM

 
Thanks for finding and answering your own question! :-)

That is what I am hoping the blog can do -- be a searchable repository
of answers and advice that I commonly encounter, condensed in the way
that I want (instead of the little mess I have to go through to get it
published otherwise).


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



005/07/11/Allow_file_downlo...
2
ser,

ou

le

is

he
ust
the
TP
w
reply

 
 

Previous Microsoft Inetserver Iis conversation.